
Firewall logging

Any firewall rule can be set to log metadata on packets that hit it. For instance, you may want all packets from the Internet that are blocked by your firewall to be available for analysis. The data in the packet is not logged, just the source, destination, protocol and timestamp.

The firewall supports logging of packets that are allowed or blocked, as well as any other packets of interest. Currently, the NetManager configuration system provides some configuration shortcuts to enable logging of blocked packets. These values must be set in the NetManager configuration file:

  • fwall_log_blockin - if enabled (set to y), all packets from the Internet that are blocked will be logged
  • fwall_log_blockout - if enabled (set to y), all packets out to the Internet that are blocked will be logged
  • fwall_log_blockuntrusted - if enabled (set to y), all packets from networks you have set as untrusted that are blocked will be logged

Data on logged packets is stored in a buffer for retrieval at your convenience. To view the data in real time, run the ipmon command at the root command line. You will see items like the following (type Ctrl-C when finished):

netmanager 1# ipmon
30/07/2021 12:43:32.523756 wm1 @0:9 b 45.134.26.46,59747 -> 5.6.7.8,27924 PR tcp len 20 40 -S IN
30/07/2021 12:43:39.897351 wm1 @0:9 b 91.132.58.117,15 -> 5.6.7.8,9898 PR tcp len 20 40 -S IN

If you wish to write the data to a log file for later analysis or to send it on to another server, it can be sent to Syslog. To enable this, set fwall_log to y. The data will be sent with syslog facility local5.
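
As an added example (not part of the original article or of NetManager), the Python below parses ipmon lines in the format shown above and groups blocked inbound packets by source address, so that a source probing several ports stands out. The field names, and the reading of `b` as the block action and `-S` as the TCP flags, are this example's interpretation of the sample output; only the first two sample lines come from the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout taken from the ipmon sample on the page; group names are this example's own labels.
# Assumes numeric addresses and ports, as in that sample. Non-matching lines are skipped.
LINE_RE = re.compile(
    r"(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{1,6}) "
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>[0-9A-Fa-f.:]+),(?P<sport>\d+) -> (?P<dst>[0-9A-Fa-f.:]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?: -(?P<flags>[A-Z]+))?(?: (?P<dir>IN|OUT))?"
)

# First two lines are from the page; the remaining lines are constructed for illustration.
SAMPLE = """\
30/07/2021 12:43:32.523756 wm1 @0:9 b 45.134.26.46,59747 -> 5.6.7.8,27924 PR tcp len 20 40 -S IN
30/07/2021 12:43:39.897351 wm1 @0:9 b 91.132.58.117,15 -> 5.6.7.8,9898 PR tcp len 20 40 -S IN
30/07/2021 12:43:41.100200 wm1 @0:9 b 45.134.26.46,59748 -> 5.6.7.8,3389 PR tcp len 20 40 -S IN
30/07/2021 12:43:42.000001 wm1 @0:3 p 192.0.2.10,40000 -> 5.6.7.8,443 PR tcp len 20 60 -S IN
netmanager 1# ipmon
"""

def parse_line(line):
    """Return a dict of fields for one ipmon line, or None if it is not a packet record."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    stamp = rec.pop("date") + " " + rec.pop("time")
    rec["when"] = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S.%f")  # day/month/year
    for key in ("group", "rule", "sport", "dport", "hlen", "plen"):
        rec[key] = int(rec[key])
    return rec

def blocked_inbound(lines):
    """Map each source address to the sorted destination ports it was blocked on."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "b" and rec["dir"] == "IN":
            ports[rec["src"]].add(rec["dport"])
    return {src: sorted(p) for src, p in ports.items()}

if __name__ == "__main__":
    hits = blocked_inbound(SAMPLE.splitlines())
    for src, dports in sorted(hits.items(), key=lambda kv: -len(kv[1])):
        print(f"{src}: {len(dports)} blocked port(s) {dports}")
```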

© Copyright Precedence Technologies 1999-2024
Page last modified on July 30, 2021, at 12:54 PM by sborrill